Task 6.6 Role-based CLI

I'm trying to enable view in R5 and I'm getting the message:

" %AAA-6-USER_BLOCKED: Enable view requires to be authenticated by non-none methods,Please use the appropriate method with the login authentication"

Is it a bug?

Comments

  • Hello, try doing your configuration by telnetting to the router, not from the console.

  • conf t
    username admin secret cisco
    aaa authentication login VTYS local
    line vty 0 4
    login authentication VTYS

    Then telnet to one of your IP addresses. You could put authentication on the console too, but it would be safer on the VTY lines.

    Best wishes,

  • Weird thing......

    If I enable view on local R5 router, I see the "interface" command under show ?

    Rack1R5#enable view INTERN
    Password:

    Rack1R5#show ?
      clock       Display the system clock
      flash:      display information about flash: file system
      interfaces  Interface status and configuration
      parser      Show parser commands

    However, if I telnet to R5 and repeat the same show command, this time the "interface" command is missing from the output:

    Rack1R6#telnet 150.1.5.5
    Trying 150.1.5.5 ... Open

    User Access Verification

    Username: INTERN
    Password:

    Rack1R5>show ?
      clock   Display the system clock
      flash:  display information about flash: file system
      parser  Show parser commands

    Does anyone have the same problem?

    OK, I did some more testing and found out that even though show interface is not listed, I was still able to do show interface as follows. Weird....

    Rack1R5>sh int fa0/0
    FastEthernet0/0 is up, line protocol is up
      Hardware is Gt96k FE, address is 0025.8433.6014 (bia 0025.8433.6014)
      Internet address is 164.1.5.5/24
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00

    I tried other commands that are not listed and it is not working as expected

    Rack1R5>show ver
                 ^
    % Invalid input detected at '^' marker.

  • I just did:

    username CISCO privilege 15 password 0 CISCO
    username INTERN privilege 0 password 0 INTERN

    privilege exec level 1 help --> Move "help" from 0 to 1
    privilege exec level 1 disable --> -''-
    privilege exec level 1 show call --> -''-
    privilege exec level 0 show clock --> Move sh clock to 0
    privilege exec level 0 show parser --> -''-
    privilege exec level 0 show interfaces --> -''-
    privilege exec level 0 show --> -''-
    privilege exec level 1 logout --> Move "logout" from 0 to 1

    Result is:

    Trying 150.1.5.5 ... Open


    User Access Verification

    Username: INTERN
    Password:
    Rack1R5>?
    Exec commands:
      <1-99>  Session number to resume
      enable  Turn on privileged commands
      exit    Exit from the EXEC
      show    Show running system information

    Rack1R5>show ?
      clock       Display the system clock
      flash:      display information about flash: file system
      interfaces  Interface status and configuration
      parser      Show parser commands

  • Yes, same issue here on Dynamips with the visibility of the 'interfaces' option.

  • However, if I telnet to R5 and repeat the same show command, this time the "interface" command is missing from the output

    OK, I did some more testing and found out that even though show interface is not listed, I was still able to do show interface as follows. Weird....

    Exactly the same here.

    I tried going back and adding some other random commands to the parser view, but when I telnet in to the router these too are not shown:

    Rack1R5#sh run | se parser
    parser view INTERN
     secret 5 $1$WkdQ$GzH3ek4YJdnhxTRMNzykP.
     commands exec include show ntp status
     commands exec include show clock
     commands exec include show interfaces
     commands exec include show

    then:

    Rack1R4#telnet 150.1.5.5
    Trying 150.1.5.5 ... Open


    User Access Verification

    Username: INTERN
    Password:

    Rack1R5>show ?
      clock   Display the system clock
      flash:  display information about flash: file system
      parser  Show parser commands

    Rack1R5>show ntp status
    %NTP is not enabled.
    Rack1R5>

    I am putting this down to a mistake in the question. :)
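
An added example, not part of any post in this thread: a small Python check that compares the `show` subcommands a parser view includes in the running config against what `show ?` listed over telnet, using the INTERN view and telnet output posted above as sample input. The function names are illustrative and the secret hash is replaced with a placeholder.

```python
import re

# Sample input taken from the outputs posted in this thread
# (the secret hash is replaced with a placeholder).
RUNNING_CONFIG = """\
parser view INTERN
 secret 5 <hash-placeholder>
 commands exec include show ntp status
 commands exec include show clock
 commands exec include show interfaces
 commands exec include show
"""

TELNET_SHOW_HELP = """\
  clock   Display the system clock
  flash:  display information about flash: file system
  parser  Show parser commands
"""

def view_show_keywords(config, view):
    """First keyword after 'show' for every exec include line of the named view."""
    keywords, in_view = set(), False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line opens or closes a block
            in_view = line.split() == ["parser", "view", view]
            continue
        m = re.match(r"\s+commands exec include(?: all)? show (\S+)", line)
        if in_view and m:
            keywords.add(m.group(1))
    return keywords

def help_keywords(help_text):
    """Keywords listed by context help (first column of each non-empty row)."""
    return {line.split()[0] for line in help_text.splitlines() if line.strip()}

def compare(config, view, help_text):
    """Report where the view definition and the help listing disagree."""
    permitted = view_show_keywords(config, view)
    listed = help_keywords(help_text)
    return {
        "in_view_not_listed": sorted(permitted - listed),
        "listed_not_in_view": sorted(listed - permitted),
    }

if __name__ == "__main__":
    for finding, words in compare(RUNNING_CONFIG, "INTERN", TELNET_SHOW_HELP).items():
        print(f"{finding}: {', '.join(words) or '-'}")
```

When auditing what a restricted account can run, treat the view definition in the configuration (and an actual test of each command) as the reference, since the `?` listing in these sessions did not match it.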
